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DETAILED ACTION 

1. 

Claims 1-25 are pending 
Claim 1 is amended 
Claims14-15 are cancelled 

Response to Arguments 

Applicant's arguments filed 6/25/2007 have been fully considered but they are 
not persuasive. 

The Applicant argues (pg. 9 of Remarks) "The present invention is intended to 
limit access to files that are downloaded from a database over the Internet to provide 
security for the files. This is accomplished by limiting access to downloadable files to a 
predetermined period of time and blocking access after the file is downloaded or the 
period of time expires," 

Applicant further argues that the Examiner's assertion that access to the 
database for downloading the file is inherently blocked eventually after the file has 
been downloaded, is incorrect. The Applicant supports this by saying "The Examiner's 
use of the term "eventually" means that the database is accessible for an unknown and 
possibly extended period of time... 'Eventually' could mean a week, a month, a year or 
several years. The Applicant's method provides security for downloadable files by 
allowing access to the files for a predetermined, finite period of time and immediately 
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blocking access either after the file is downloaded or after the period of time expires (pg. 
9 of Remarks)." 

The Applicant's Claim 1 as amended recites the limitation "blocking access to the 
file for downloading the file after the file has been downloaded or the period of time has 
expired." The Examiner would like to point out that the claim language claims that 
access is blocked after the file has been downloaded or the period of time expired. The 
following arguments from the Examiner concern the case "after the file has been 
downloaded." 

Regarding the Applicant's assertion that "eventually" could mean a week, a 
month, a year or several years, the Examiner agrees. However the claim language 
"after the file has been downloaded" is so vague that access being terminated 
"eventually" (by means of a time-out or other system safeguards) lies within the scope 
of "after the file has been downloaded." 

The Applicant argues that the Applicant's method provides security... by 
" immediately blocking access after the file is downloaded." This is not supported by the 
claims, originally or as amended. Therefore the Examiner finds the argument that Baltes 
does not teach immediately blocking access as moot, because it is not claimed. 

The Applicant argues that "There is no basis for finding that access to the 
downloadable file in Baltes is blocked after the file is downloaded (pg. 10)." 

The Applicant then argues that The Office action states that: "The Examiner 
interprets blocking access to the database as terminating the link between the database 
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and the router." In a very broad sense, this is correct, but it misinterprets claim 1." The 
Applicant then describes how "blocking access" as taught by the Applicant is different 
than the prior art and the Examiner's interpretations in pages 1 1-13 of Remarks. 

Regarding the argument that there is no basis for finding the access to the 
downloadable file in Baltes is blocked after the file is downloaded, the Examiner claims 
that blocking of access inherently happens eventually. In other words, in some way or 
another (whether being time out, or any other means) the connection between a 
database and user eventually is terminated. The Applicant admits that the Examiner's 
interpretation of "blocking access" is in a very broad sense correct, but misinterpreted. 
Because claim language is inspected under the broadest reasonable interpretation, 
which the Applicant admits is correct; the Examiner maintains the previous argument. 

The Applicant then argues that "Bertino limits the validity of authorization for 
accessing a database to temporal periods, but does not restrict or limit the availability of 
downloadable files on the database" (pg. 13 of Remarks). 

The Applicant further argues that "Bertino's method assumes that the files in the 
database are accessible at all times. Moreover, once an authorization expires, there is 
nothing in Bertino's method that prevents an unauthorized user from accessing a file on 
the database using a different, "unexpired" authorization. 

Regarding these arguments, the Examiner does not see how limiting the time 
that for accessing a database does not restrict or limit the availability of downloadable 
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files on the database. If a user cannot access a database, a user cannot download files 
from the database. 

Regarding the Applicant's hypothetical situation where "once an authorization 
expires, there is nothing in Bertino's method that prevents an unauthorized user form 
accessing a file on the database using a different, 'unexpired authorization* " the 
Examiner: 

1) does not see where in the claim language the Applicant has claimed a method 
that "prevents an unauthorized user from accessing a file on the database v using a 
different, "unexpired authorization." 

2) does not see how a user can be "unauthorized" if still possessing a different 
"unexpired authorization." 

The Applicant then argues that "the present invention does not limit the period of 
time when users can access a database but, instead, limits the period of time when 
individual files in the database can be accessed for downloading (pg. 14 of Remarks)." 

This is simply not supported by the Claim language. The Claim language recites 
"blocking access to the database for downloading the file after... the period of time has 
expired." Nowhere in the claim language does the claim mention limiting "the period of 
time when individual files in the database can be accessed (pg. 14 of remarks)." 

Therefore the Examiner finds all of the above arguments unpersuasive and 
maintains the original rejection, only changing the rejection to Claim 1 as necessitated 
by the amendment by the Applicant. 
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Claim Rejections - 35 USC § 102 



3. 

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

Claims 1-4 are rejected under 35 U.S.C. 102(e) as being anticipated by Baltes 
(US 2003/0103615). 



Regarding Claims 1-3, 

Baltes teaches a method for securely downloading files to a managed device, the 
method comprising the steps of: 

selecting a managed device for interfacing with networks or devices over the 
Internet; ("To access the Internet, customer premises network equipment (CPNE) such as 
broadband modems, routers, and modem-router combination products require being setup" 
Paragraph [0002]) 

assigning a unique identification number to the device; 
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creating a file for the managed device on a database, wherein the file can be 
downloaded over the Internet to the managed device; fa method in which a central 
server may be contacted when configuration information is needed for a broadband 
communication device. This contact may be initiated via a dial-up modem." Abstract). The 
Examiner interprets that the file has inherently been created. 

creating an access verification program for downloading the file, wherein the 
access verification program permits a user of the managed device at a remote location 
to access the file over the Internet by entering the unique identification number, and 
wherein the access verification program permits the user to download the file over the 
Internet for a period of time; receiving an identification number by from the user; 
verifying that the identification number received from the user is the same as the 
unique identification number; ("The central server then determines who the customer is 
through an identification of the source of the communication... The central server is able to 
access a number of databases that contain configuration information for the customer." 
Paragraph [0019] lines 1-3, Paragraph [0020] lines 1-3) 

permitting access to the database by the user for downloading the file for a 
period of time; downloading the file from the database to the managed device; 
and blocking access to the database for downloading the file after the file has been 
downloaded or the period of time has expired. ("The central server downloads the 
configuration information from the database. Then, it transfers the configuration information 
over the dialup communication link. Once the configuration information is at the broadband 
communication device, the broadband communication device may use the information to 
configure itself. " Paragraph [002 1 ]) 
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The Examiner notes that all routers inherently are assigned identification 
numbers/serial numbers. The Examiner also notes that access to the database for 
downloading the file is inherently blocked eventually after the file has been 
downloaded. 

Regarding Claim 2, the Examiner interprets configuration information as 
configuration file. Regarding Claim 3, a router is included in the list of devices, 
where the access to the database for downloading the file is inherently blocked after 
the file has been downloaded. 

The Examiner interprets blocking access to the database as terminating the link 
between the database and the router. 

Regarding Claim 4, 

Baltes teaches the method for securely downloading files to a managed device 
according to claim 1, wherein the unique identification number is the serial number of 
the managed device. ("Furthermore, a broadband communication device serial number may 
be provided to the central server. " Paragraph [0019]) 
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Claim Rejections - 35 USC § 103 

4. 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
, Patentability shall not be negatived by the manner in which the invention was made. 



This application currently names joint inventors. In considering patentability of 
the claims under 35 U.S.C. 103(a), the examiner presumes that the subject matter of 
the various claims was commonly owned at the time any inventions covered therein 
were made absent any evidence to the contrary. Applicant is advised of the obligation 
under 37 CFR 1 .56 to point out the inventor and invention dates of each claim that was 
not commonly owned at the time a later invention was made in order for the examiner to 
consider the applicability of 35 U.S.C. 103(c) and potential 35 U.S.C. 102(e), (f) or (g) 
prior art under 35 U.S.C. 103(a). 
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Claims 6-8 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Baltes in view of Bertino's paper "A Temporal Authorization Model" (1994). 

Regarding Claims 6, 

Baltes teaches the method for securely downloading files to a managed device 
according to claim 1 . 

However Baltes does not teach that the period of time is predetermined. 

Bertino teaches "a discretionary access control model in which authorizations 
contain temporal information. This information can be used to specify temporal 
intervals of validity for authorizations and temporal dependencies among authorizations 
(Abstract)" 

It would have been obvious to one of ordinary skill in the art at the time the 
invention was made to modify the method of Baltes with the teachings of Bertino 

The motivation to combine is that Bertino teaches a well known technique in 
access control which teaches limiting authorization using temporal constraints. 

Baltes and Bertino do not explicitly teach that downloading is the access mode, 
or privilege, for which authorization is granted. 

It would have been obvious to one of ordinary skill in the art at the time of the 
invention to include downloading as a privilege in the Access Control model of Bertino. 
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The motivation is the right to download is a well-known right in Access Control 
models. 



Regarding Claim 7, 

Baltes teaches the method for securely downloading files to a managed device 
according to claim 1 . 

However Baltes does not teach that the period of time is less than 4 hours. 

Bertino teaches "a discretionary access control model in which authorizations 
contain temporal information. This information can be used to specify temporal 
intervals of validity for authorizations and temporal dependencies among authorizations 
(Abstract)" 

It would have been obvious to one of ordinary skill in the art at the time the 
invention was made to modify the method of Baltes with the teachings of Bertino 
The motivation to combine is that Bertino teaches a well known technique in 

* 

access control which teaches limiting authorization using temporal constraints. 



Baltes and Bertino do not explicitly teach that downloading is the access mode, 
or privilege, for which authorization is granted. 
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It would have been obvious to one of ordinary skill in the art at the time of the 
invention to include downloading as a privilege in the Access Control model of Bertino. 

The motivation is the right to download is a well-known right in Access Control 
models. 

Baltes and Bertino also do not explicitly teach where the time limit is less than 
four hours. 

It would have been obvious to one of ordinary skill in the art at the time of the 
invention to limit the time interval of Bertino to less than hour hours. 

The motivation for the time period to be less than 4 hours is acclimate users 
requirement. 

Regarding Claim 8, 

Baltes teaches the method for securely downloading files to a managed device 
according to claim 1. 

However Baltes does not teach that the period of time is less than 1 hour. 

Bertino teaches "a discretionary access control model in which authorizations 
contain temporal information. This information can be used to specify temporal 
intervals of validity for authorizations and temporal dependencies among authorizations 
(Abstract)" 
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It would have been obvious to one of ordinary skill in the art at the time the 
invention was made to modify the method of Baltes with the teachings of Bertino 

The motivation to combine is that Bertino teaches a well known technique in 
access control which teaches limiting authorization using temporal constraints. 

Baltes and Bertino do not explicitly teach that downloading is the access mode, 
or privilege, for which authorization is granted. 

It would have been obvious to one of ordinary skill in the art at the time of the 
invention to include downloading as a privilege in the Access Control model of Bertino. 

The motivation is the right to download is a well-known right in Access Control 
models. 

Baltes and Bertino also do not explicitly teach where the time limit is less than 
one hour. 

It would have been obvious to one of ordinary skill in the art at the time of the 
invention to limit the time interval of Bertino to less than hour hours. 
The motivation for the time period to be less than 1 hour is acclimate users 
requirement. 

Claims 5, 9-13, 16-17, 21-24 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Baltes in view of Mehler (US 2002/0179709) 
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Regarding Claims 5, 9-13 

Baltes teaches the method for securely downloading files to a managed device 
according to claim 1. Particularly Baltes teaches a "serial number may be provided to 
the central server" Paragraph [0019]. 

However Baltes does not teach further comprising selecting a portable device for 
reading the unique identification number, where the device may be a bar code scanner. 
Additionally Baltes does not teach a password being entered into the portable device. 
Finally Baltes does not teach the combination of the password and ID to be 
downloaded from the portable device to the database. 

Mehler teaches a method of "(a) receiving at least one authorized user password 
associated with a transaction code; (b) receiving at least one single-use code carrier 
bearing a transaction code... printed thereon in an optically readable digital code (c) 
presenting the code carrier and the password for verification in order to receive 
authorization" (Paragraph [0028]). 

It would have been obvious to one of ordinary skill in the art at the time the invention 
was made to combine the method of Baltes with the teachings of Mehler. 
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The motivation to combine is for "securely carrying out a... transaction. (Paragraph 
[0028])" 

The Examiner interprets that the step of presenting the code carrier and the password 
for verification as downloading the ID number and password from the portable device 
to the database. The Examiner interprets that if a password is received it must 
inherently first been assigned. 



Regarding Claims 16-17 and 21-24 

Baltes teaches all the limitations of Claim 16 (See Regarding Claim 1) including the 
use of a serial number (See Regarding Claim 4), with the exception of assigning a 
unique password to the router, receiving a password from the user, and verifying the 
password received by the user. Baltes teaches all the limitations of Claim 21-23 
except for the ID and password being read by a barcode scanner which is then 
downloaded to the router to the database. 

Mehler teaches a method of "(a) receiving at least one authorized user password 
associated with a transaction code; (b) receiving at least one single-use code carrier 
bearing a transaction code... printed thereon in an optically readable digital code (c) 



t 
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presenting the code carrier and the password for verification in order to receive 
authorization... (d) receiving verification of a match between the transaction code and 
the transaction account and verification of the password" (Paragraph [0028]). The 
Examiner interprets that the password has inherently been assigned to the router. 

It would have been obvious to one of ordinary skill in the art at the time the invention 
was made to combine the method of Baltes with the teachings of Mehler. 

The motivation to add an additional password is for additional security. The motivation 
to use a barcode scanner and download the ID and password to the database is to 
provide a way to read provide verification. 

Concerning Claim 24, the access to the database js inherently terminated after the file 
is downloaded. 

Claims 18-20 and 25 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Baltes in view of Mehler as applied to claim 16 above, and further in view of 
Bertino. 



Regarding Claims 18-20 and 25 «■ 
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All the limitations of Claim 18-20 and 25 are anticipated in the rejection of claim 
16, except that the period of time is predetermined. 

Bertino teaches "a discretionary access control model in which authorizations 
contain temporal information. This information can be used to specify temporal 
intervals of validity for authorizations and temporal dependencies among authorizations 
(Abstract)" 

It would have been obvious to one of ordinary skill in the art at the time the 
invention was made to modify the method of Baltes with the teachings of Bertino 

The motivation to combine is that Bertino teaches a well known technique in 
access control which teaches limiting authorization using temporal constraints. 

Baltes and Bertino do not explicitly teach that downloading is the access mode, 
or privilege, for which authorization is granted. 

It would have been obvious to one of ordinary skill in the art at the time of the 
invention to include downloading as a privilege in the Access Control model of Bertino. 

The motivation is the right to download is a well-known right in Access Control 
models. 

It is inherent that downloading will be blocked if there is a time limit for downloading. 



Conclusion 
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THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1 .1 36(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Harris C. Wang whose telephone number is 
5712701462. The examiner can normally be reached on M-F 8-5:30, Alternate Fridays 
Off. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, AYAZ R. SHEIKH can be reached on (571)272-3795. The fax phone 
number for the organization where this application or proceeding is assigned is 571- 
273-8300. 
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Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

HCW 
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